Steam spawns vulnerabilities, say researchers

Gamers can be fragged by 'undocumented features'

Common Topics

A new security research outfit called ReVuln has presented its letter of introduction to the world in the form of a paper that analyses how the Steam protocol can expose gamers to attacks.

In this document (PDF), the company analyses what happens when a URL using the protocol steam:// is redirected. Of the major browsers, Internet Explorer and Chrome present warnings (Chrome being the most detailed, describing the program the redirect is trying to call); Opera presents a warning but only shows the first 40 characters of the URL being called; Firefox requests a confirmation but doesn't show the URL; and Safari will directly execute the program without warnings.

RealPlayer is also vulnerable to external calls using crafted URLs, write the company's Luigi Auriemma and Donato Ferrante.

One proof-of-concept demonstrated in the paper is the use of the Steam reinstall feature, an undocumented feature for installing backups from a local directory. This has a splash image processor which, the paper says, has an integer overflow vulnerability that "may allow executing malicious code on the Steam process."

Other undocumented features in Steam include command-line parameters in the Source engine (used by games such as Half-Life and CounterStrike), callable from a URL and also vulnerable; and integer overflow vulnerabilities in the Unreal engine.

These and other vulnerabilities are detailed in the video below:

Users can disable the steam:// protocol in their browser, but a complete fix will depend on Valve, the researchers state. ®